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DETAILED ACTION 

This office action is in reply to an amendment filed on April 22, 2009. Claim 9 has been 
amended and new claims 19-24 have been added. Claims 1, 3, 4, 6-9 and 11-24 are pending. 

Response to Arguments 

Applicant's arguments filed 04/22/09 have been fully considered but they are not 
persuasive. Applicant argues that. Motivation to combine Schneider and Bartoli and Zhang is 
conclusory. The examiner used the rationale of mobile devices providing limited control over 
transmissions in addition to mobile devices becoming more common to combine Schnieder with 
Bartoli and Zhang, but mobile device is never mentioned in Schnieder, Bartoli or Zhang. 
Applicant further argues that, the motivation combine Bartoli and Zhang was not clearly 
articulated and is conclusory and there is noting in Bartoli or Zhang that indicates that anything 
related to special software increase the cost of putting up the system. Examiner disagrees. 

Examiner would point out that, a suggestion, teaching, or motivation to combine the 
relevant prior art teachings does not have to be found explicitly in the prior art, as the teachings, 
motivation, or suggestion may be implicit from the prior art, as a whole, rather than expressly 
stated in the references. The test for an implicit showing is what the combined teachings, 
knowledge of one of a whole would have suggested to those of ordinary skill in the art. In re 
Kahn . 441 F.3d 977, 988, 78, USPQ2d 1329, 1336 (Fed. Cir. 2006) citing In re Kotzab . 217 F.3d 
1365,1370, 55 USPQ2d 1313 (Fed. Cir. 2000). See also In re Thrift , 298 F. 3d 1357, 1363, 63 
USPQ2d 2002, 2008 (Fed. Cir. 2002). These showings by the examiner are an essential part of 
complying with the burden of presenting a prima facie case of obviousness. Note In re Oetiker . 
977 F.2d 1443, 1445, 24 USPQ2d 1443, 1444 (Fed. Cir. 1992). In this case Schneider discloses 
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a system wherein tine attribute comprises an indication of tine location comprising VLAN ID, in 
the form of an IP address, and a port number (column 3 line 3-60) from which the request was 
received that is determined based on the received packet wherein the packet is transmitted from 
the user's computer (column 3 lines 30-45). The IP address or processor ID is used to 
determine whether the user has access to resources (column 3 lines 34-40). At the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to add 
the authentication so as to maintain the position information and send it as an attribute in the 
system of Zhang. One of ordinary skill in the art would have been motivated to do this because 
mobile devices provide limited control over transmission and mobile devices are becoming more 
common. 

Furthermore, Bartoli discloses the authentication, authorization, and accounting 
performed in the gateway, however, Bartoli disclose a system wherein no special software 
(configuration software) need be installed on the user's computer to access the destination 
address (column 3 lines 42-47). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the browser in the authentication system of Bartoli in the system of Zhang. 
One of ordinary skill in the art would have been motivated to do this because it would reduce the 
cost of putting up the system. 

Applicant further argues that Bartoli teaches away from Schneider and applicant's 
independent claim. Bartoli explicitly seeks to eliminate any step associated with transmitting and 
cross-referencing IP address, and combining Bartoli with Schneider would change Bartoli's 
principle of operation. Examiner disagrees. 
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Examiner would point out tinat, Botin Bartoli and Sclnneider are directed to a system for 
autlnentication, autlnorization and/or access control. Zhang and Bartoli do not disclose a system 
wherein the attribute comprises an indication of the location comprising a port, circuit ID, VLAN 
ID or MAC address from which the request was received that is determined based on the 
received packet wherein the packet is transmitted from the user's computer. 

Schneider discloses a system wherein the attribute comprises an indication of the 
location comprising VLAN ID, in the form of an IP address, and a port number (column 3 line 3- 
60) from which the request was received that is determined based on the received packet 
wherein the packet is transmitted from the user's computer (column 3 lines 30-45). The IP 
address or processor ID is used to determine whether the user has access to resources 
(column 3 lines 34-40). 

Examiner would further point out that the art on record teaches the claim limitations and 
therefore, the rejection is respectfully maintained. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or deschbed as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1, 7, 9-14 and 16-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Zhang et al. (6,253,327) in view of Bartoli et al (6,047,268) and further in view of Schneider 
et al. (6,408,336 B1). 
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In reference to claims 1 and 9, Zhang discloses a metlnod for autlnorizing, autlnenticating 
and accounting users Inaving transparent access to a destination networl< (abstract), winerein tine 
users otinerwise Inave access to a Inome networl< tinrougin Inome networl< settings resident on tine 
user's computers, and winerein tine users can access tine destination networl< witlnout altering the 
home network settings, comprising: 

Receiving at a gateway device a request from a user for access to the destination 
network (column 6 lines 24-32 in combination with column 7 lines 8-10). The user (host) 
requests access to the network by using the dial up networking application. 

Identifying an attribute associated with the user based upon a packet received by the 
gateway device. The authentication packet includes information like the user-name and private 
password, which are attributes associated with the user, and the packet is sent to the gateway 
from the host (user). The applicant discloses a packet that is transmitted from the user's 
computer, wherein the user's computer remains configured for accessing the home network. 
Zhang discloses a similar system wherein the packet is transmitted form the user's (host's) 
computer while remaining configured to access the home network because the system is still 
able to access the public network while accessing information on the private network (column 5 
lines 20-40). Zhang's system requires no additional configuration software installed on the 
user's computer to access the destination network, since the user does not have to log on again 
to access other networks (column 7 line 66 to column 8 line 7). 

Accessing a user profile corresponding to the user and stored in a user profile database, 
where the user profile is accessed based upon the attribute associated with the user (column 7 
lines 12-17). 

Determining if the user is entitled to access the destination network based upon the user 
profile ((column 7 lines 12-17)). 
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Although Zhang discloses the authentication, authorization, and accounting performed in 
the gateway, however, Zhang does not expressly disclose a system wherein no special 
authentication software need be installed on the user's computer to access the destination 
address. 

Bartoli discloses the authentication, authorization, and accounting performed in the 
gateway, however, Bartoli disclose a system wherein no special software (configuration 
software) need be installed on the user's computer to access the destination address (column 3 
lines 42-47). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the browser in the authentication system of Bartoli in the system of Zhang. 
One of ordinary skill in the art would have been motivated to do this because it would reduce the 
cost of putting up the system. 

Neither Zhang nor Bartoli disclose a system wherein the attribute comprises an 
indication of the location comprising a port, circuit ID, VLAN ID or MAC address from which the 
request was received that is determined based on the received packet wherein the packet is 
transmitted from the user's computer. 

Schneider discloses a system wherein the attribute comprises an indication of the 
location comprising VLAN ID, in the form of an IP address, and a port number (column 3 line 3- 
60) from which the request was received that is determined based on the received packet 
wherein the packet is transmitted from the user's computer (column 3 lines 30-45). The IP 
address or processor ID is used to determine whether the user has access to resources 
(column 3 lines 34-40). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the authentication so as to maintain the position information and send it as 
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an attribute in tine system of ZInang and Bartoli. One of ordinary sl<ill in tine art would Inave been 
motivated to do tinis because mobile devices provide limited control over transmission and 
mobile devices are becoming more common. 

In reference to claim 18, Zhang discloses a method for authorizing, authenticating and 
accounting users having transparent access to a destination network (abstract), wherein the 
users otherwise have access to a home network through home network settings resident on the 
user's computers, and wherein the users can access the destination network without altering the 
home network settings, comprising: 

Receiving at a gateway device a request from a user for access to the destination 
network (column 6 lines 24-32 in combination with column 7 lines 8-10). The user (host) 
requests access to the network by using the dial up networking application. 

Identifying an attribute associated with the user based upon a packet received by the 
gateway device. The authentication packet includes information like the user-name and private 
password, which are attributes associated with the user, and the packet is sent to the gateway 
from the host (user). The applicant discloses a packet that is transmitted from the user's 
computer, wherein the user's computer remains configured for accessing the home network. 
Zhang discloses a similar system wherein the packet is transmitted form the user's (host's) 
computer while remaining configured to access the home network because the system is still 
able to access the public network while accessing information on the private network (column 5 
lines 20-40). Zhang's system requires no additional configuration software installed on the 
user's computer to access the destination network, since the user does not have to log on again 
to access other networks (column 7 line 66 to column 8 line 7). 
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Determining autlnentication requirements for tine received pacl<et based on information 
witlnin tine received pacl<et (column 7, lines 7-25); 

Accessing a user profile corresponding to the user and stored in a user profile database, 
where the user profile is accessed based upon the attribute associated with the user (column 7 
lines 12-17). 

Determining if the user is entitled to access the destination network based upon the user 
profile ((column 7 lines 12-17)), the determined authentication requirements for the received 
packet (column 7, lines 7-25). 

Although Zhang discloses the authentication, authorization, and accounting performed in 
the gateway, however, Zhang does not expressly disclose a system wherein no special 
authentication software need be installed on the user's computer to access the destination 
address. 

Bartoli discloses the authentication, authorization, and accounting performed in the 
gateway, however, Bartoli disclose a system wherein no special software (configuration 
software) need be installed on the user's computer to access the destination address (column 3 
lines 42-47). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the browser in the authentication system of Bartoli in the system of Zhang. 
One of ordinary skill in the art would have been motivated to do this because it would reduce the 
cost of putting up the system. 

Neither Zhang nor Bartoli disclose a system wherein the attribute comprises an 
indication of the location comprising a port, circuit ID, VLAN ID or MAC address from which the 
request was received that is determined based on the received packet wherein the packet is 
transmitted from the user's computer. 
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Schneider discloses a system a system winerein tine attribute comprises an indication of 
tine location comprising VLAN ID, in the form of an IP address, and a port number (column 3 line 
3-60) from which the request was received that is determined based on the received packet 
wherein the packet is transmitted from the user's computer (column 3 lines 30-45). The IP 
address or processor ID is used to determine whether the user has access to resources 
(column 3 lines 34-40). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the authentication using so as to maintain the position information and 
send it as an attribute in the system of Zhang. One of ordinary skill in the art would have been 
motivated to do this because mobile devices provide limited control over transmission and 
mobile devices are becoming more common. 

In reference to claims 7 and 11, Zhang discloses a system wherein determining if the 
user is entitled to access the destination network further comprises denying the user access 
where the user profile indicates that the user is denied access (fig. 5 in combination with column 
7 lines 25-30). 

In reference to claim 10, Zhang does not expressly disclose a system wherein the 
attribute associated, with the user is based upon a VLAN ID assigned to the location from which 
the request for access to the destination address was transmitted. 

Schneider discloses a system in which the ID that is associated with the location from 
which the request for access to the destination address was transmitted. The ID is the IP 
address of the user (column 3 line 3-60). 
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At the time tine invention was made, it would Inave been obvious to a person of ordinary 
sl<ill in tine art to use and ID associated with the location from which the request for access to 
the destination address was transmitted. One of ordinary skill in the art would have been 
motivated to do this because the user would then not be able to discover the existence of other 
users because they would only be able to access their own information. 

In reference to claim 12, Zhang discloses a system wherein the AAA server is located 
within the gateway device. The Authentication, Authorization and Accounting server is located 
within the device that contains the SSG therefore the whole unit would work as a gateway 
device (Fig. 4). 

In reference to claim 13, Zhang discloses a system wherein the user profile database 
includes a plurality of user profiles, wherein each respective user profile of the plurality of user 
profiles contains access information (column 7 lines 12-17). Zhang discloses the user profiles 
and therefore a plurality of user profiles are stored. The profiles are also unique to the user and 
are used for authentication therefore they are used for access information. 

In reference to claim 14, Zhang discloses a system wherein the user profile database is 
located within the AAA server (column 7 lines 12-17). 

In reference to claims 16 and 17, Zhang discloses the system further including 
requirements for the received packet based on information within the received packet, wherein 
determining if the user is entitled to access the destination network further comprises basing the 
determination also on the determined authentication requirements (column 7, lines 7-25). 
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As per claims 19, 21 and 23, Sclnneider furtlner teaclnes tine metlnod winerein identifying 
tine attribute furtlner comprises determining tine location based on a combination of two or more 
of the port, the circuit ID, the VLAN ID, and the MAC address [column 3, lines 30-60]. 

As per claims 20, 22 and 24, Zhang further teaches the method wherein determining if 
the user is entitled to access the destination network is also based upon dynamic information 
determined by a provider of the destination network [Column 7, lines 12-17]. 

Claims 3-4, 6, 8 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Zhang in view of Bartoli and further in view of Schneider et al. as applied to claims 1 and 9 
above, and further in view of Lim et al (6,434,61 9 B1 ). 

In reference to claim 3, wherein the user database is updated when a new user 
accesses the destination network. 

Zhang does not expressly disclose a system wherein the database is updated when a 
new user accesses the destination network 

Lim discloses a system in which the database is maintained (column 4 lines 36-38), 
therefore when there is a new user the database would be updated, since updating is a part of 
maintaining. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain the database for new users as the method of Lim in the system by 
Zhang. One of ordinary skill in the art would have been motivated to do this because this would 
enable the system to increase the number of user's when the amount of memory allows. 
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In reference to claim 4, wherein a Inistorical log of tine user's access to tine destination 
networl< is maintained in tine user profile. 

Zhang does not expressly disclose a historical log of the user's access to the destination 
network being maintained in the user profile. 

Lim discloses a log kept of the time and date when the user accessed their account on 
the network (column 7 lines 27-38). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain a historical log of the user's access to the destination network as in the 
method by Lim in the system by Zhang. One of ordinary skill in the art would have been 
motivated to do this because it would assist in keeping track of user activity. 

In reference to claim 15, Zhang wherein each respective user profile contains historical 
data relating to the duration of destination network access for use in determining the charges 
due for the destination network access (column 7 lines 27-38). 

In reference to claim 6, Zhang does not expressly disclose a system wherein receiving at 
the gateway device a request from a user for access comprises the step of receiving an Internet 
destination address from the user (Fig. 4). 

Lim discloses a system that includes the domain of the destination server. This is 
equivalent to the Internet destination address. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to receive the Internet destination address as in the method disclosed by Lim at 
the gateway device of the system disclosed by Zhang. One of ordinary skill in the art would 
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have been motivated to do tinis because tine Internet destination address is used to determine 
wh\cU networl< tine user is gaining access to. 

In reference to claim 8, ZInang does not expressly disclose a system wherein 
determining if the user is entitled to access the destination network further comprises directing 
the user to a login page where the user profile is not located within the user profile database. 
Lim discloses a system wherein determining if the user is entitled to access the destination 
network further comprises directing the user to a login page where the user profile is not located 
within the user profile database (Lim, column 4 lines 19-24 in combination with column 4 lines 
36-38). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain a historical log of the user's access to the destination network as in the 
method by Lim in the system by Zhang. One of ordinary skill in the art would have been 
motivated to do this because it would assist in keeping track of user activity. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event. 
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however, will the statutory period for reply expire later than SIX MONTHS from the mailing date 
of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to BEEMNET W. DADA whose telephone number is (571 )272-3847. The 
examiner can normally be reached on Monday - Friday (9:00 am - 5:30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571 ) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Beemnet W Dada/ 

Primary Examiner, Art Unit 2435 

August 12, 2009 



